module mirrormanager_container 1.0;

require {
    type container_t;
    type container_file_t;
    type mirrormanager_log_t;
    type nrpe_t;
    class file { append getattr };
}

# Allow mirrorlist to append to its log
allow container_t mirrormanager_log_t:file append;
# Allow nrpe to check file age of mirrorlist pkl files
allow nrpe_t container_file_t:file getattr;

